AME 3.9.0 focuses on making event investigation faster, adding more context directly inside AME, improving observable mapping workflows, and tightening reliability across ticketing, vulnerability ingestion, and event handling.

Electric utilities face some of the world's strictest cybersecurity mandates. NERC CIP standards require continuous monitoring, rigorous access controls, fully auditable incident handling, and strict separation of critical assets - all without ever moving sensitive data outside your secure perimeter.

Alert Manager Enterprise (AME) helps grid operators meet these requirements with a structured, auditable alert lifecycle that stays entirely inside their existing Splunk environment.

If you already use Splunk for visibility and alerting, AME turns your current Splunk alerts into compliant workflows - without external tools, data egress, or heavy custom development.

No new consoles. No compliance gaps. Just reliable event management that supports grid protection and simplifies audits.

This release brings targeted improvements for quicker manual workflows, more customizable notifications, expanded vulnerability data sources (including native Microsoft Defender support), enhanced deployment flexibility, and stronger remediation tracking within Vulnerability Intelligence

Data ingestion failures often go unnoticed until it's too late. In this post, we share how a simple detection layer + Alert Manager Enterprise monitors ingestion health.